Computer Security Resource Center

Computer SecurityResource Center

Cryptographic Algorithm Validation Program

Project Links

Standards and Guidelines Tested Under the CAVP

The Computer Security Division at NIST maintains a number of cryptographic standards, and coordinates algorithm validation test suites for many of those standards. The Cryptographic Algorithm Validation Program (CAVP) currently has algorithm validation testing for the following cryptographic algorithms:

Additional Modes Of Operation For Symmetric Algorithms:

NIST Special Publication (SP) 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Block-Oriented Storage Devices This SP specifies the XTS_AES mode of operation algorithm. This document approves the XTS-AES mode of the AES algorithm by reference to IEEE Std 1619-2007, subject to one additional requirement, as an option for protecting the confidentiality of data on block-oriented storage devices. The mode does not provide authentication of the data or its source.

Asymmetric Algorithms:

FIPS 186-4 (July 19, 2013), Digital Signature Standard (DSS) All of the changes between FIPS 186-3 and FIPS186-4 had already been incorporated into the CAVP testing tool; the testing of FIPS186-3 implementations is identical to the testing of FIPS 186-4 implementations. There is no need for a transition period in which both FIPS 186-3 and FIPS 186-4 validation would be performed. Previous CAVP validations for FIPS 186-3 will be considered as equivalent to those for FIPS 186-4. Vendors should start using FIPS 186-4 immediately.

Deterministic Random Bit Generator (DRBG) Algorithms:

NIST SP 800-90A, Recommendation for Random Number Generation Using Deterministic Random Bit Generators - Specifies four mechanisms mechanisms for the generation of random bits using deterministic methods There are four mechanisms discussed in this SP. These mechanisms are based on either hash functions (Hash_DRBG, HMAC_DRBG), block cipher algorithms using Counter mode (CTR_DRBG) or number theoretic (Dual EC_DRBG) problems.

Message Authentication Algorithms:

NIST SP 800-38B (May 2005), Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication - CMAC can be considered a mode of operation of the block cipher because it is based on an approved symmetric key block cipher, such as the Advanced Encryption Standard (AES) algorithm currently specified in FIPS 197. CMAC is also an approved mode of the Triple Data Encryption Algorithm (TDEA).

SP 800-38F (December 2012), Recommendation for Block Cipher Modes of Operation: Methods for Key Wrapping describes cryptographic methods that are approved for “key wrapping,” i.e., the protection of the confidentiality and integrity of cryptographic keys. In addition to describing existing methods, this publication specifies two new, deterministic authenticated-encryption modes of operation of the Advanced Encryption Standard (AES) algorithm: the AES Key Wrap (KW) mode and the AES Key Wrap With Padding (KWP) mode. An analogous mode with the Triple Data Encryption Algorithm (TDEA) as the underlying block cipher, called TKW, is also specified, to support legacy applications.

Key Derivation Functions (KDF) -

NIST SP 800-108 (Revised October 2009), Recommendation for Key Derivation Using Pseudorandom Functions - This Recommendation specifies techniques for the derivation of additional keying material from a secret key, either established through a key establishment scheme or shared through some other manner, using pseudorandom functions.

NIST SP 800-135 Revision 1 (December 2011), Recommendation for Existing Application-Specific Key Derivation Functions - Cryptographic keys are vital to the security of internet security applications and protocols. Many widely-used internet security protocols have their own application-specific Key Derivation Functions (KDFs) that are used to generate the cryptographic keys required for their cryptographic functions. This Recommendation provides security requirements for those KDFs.

Retired Validation Testing:

Two other cryptographic standards (MAC; ANSI X9.17 Key Management) no longer have active validation testing, but the standards remain in effect. Cryptographic module (FIPS 140-1 and FIPS 140-2) validation testing by the CMT laboratories may include testing for conformance to FIPS 113 and 171, as appropriate:

FIPS 113, Computer Data Authentication - Which specifies the generation of a Message Authentication Code (MAC), from ANSI X9.9, and